Submitted
by
Sparrowvsrevolution
on Thursday January 12, 2012 @06:22PM

Sparrowvsrevolution writes: At the Shmoocon security conference later this month, Danny Quist plans to demo a new three-dimensional version of a tool he’s created called Visualization of Executables for Reversing and Analysis, or VERA, that maps viruses’ and worms’ code into intuitively visible models. Quist, who teaches government and corporate students the art of reverse engineering at Los Alamos National Labs, says he hopes VERA will make the process of taking apart and understanding malware’s functionality far easier. VERA observes malware running in a virtual sandbox and identifies the basic blocks of commands it executes. Then those chunks of instructions are colorcoded by their function and linked by the order of the malware’s operations, like a giant, 3D flow chart. Quist provides a sample video showing a model of a section of the Koobface worm.